Instance Security Center

by Rob Plank

Introduced in the Madrid release of ServiceNow, Instance Security Center is a new and improved version of the instance security dashboard that was introduced in Jakarta. The new security center gives you a Centralized Compliance view of security PKIs that will allow you to get a baseline of the security events in your instance every day. Additionally, Security Center provides you with a daily compliance Score, Predefined Audit Control Categories, Built-in Remediation guidance, email tracking.

On the Portal you can see key security KPIs that allow you to get a quick view of the security events in your instance (note there is 7 score cards that can be shown if you click edit). These PKIs can point out if you have an internal or external attack in your instance or allow you to baseline what the normal counts of these events are in your instance. The screenshot above is from a developer instance if you want to compare your production compliance score to a brand-new instance’s score.

Here are just a few of the threats you monitor for from this dashboard view.

Many failed logins can point to a brute force password attack on user accounts.

Admin users added, could mean current admins are creating backdoors or and admin account is compromised and creating backdoor accounts.

This is the build-in remediation guidance part of the portal that will guide to a higher Daily Compliance Score. Currently there is 35 Mandatory, 28 recommended and 11 Optional checks that cover 13 different categories.

One the things I really like about this is that its built into the platform this allows ServiceNow to add recommendations as new threats are found. Additionally, the UI allows you to quickly see your compliance that could be provided in reports to management or you can switch over to the detailed records section and get detailed setups on how to resolve the items you are non-compliant with.